I don't know about you, but I researched to see what others were doing to keep their blog secure, and when I secured my WordPress blog, I found so much information I was confused. And some of the information was actually on the top or superstitious. People told me to rename this file, rename this folder and install these ten plugins. It seemed to be a lot of effort and work.
In addition to the text and graphics you're creating, you're going to need a protection and backup alternative for your new site. fix malware problem is significant, and if you back up your site and don't protect you could lose important data and information which may be hard to restore. You don't want to need to start over from scratch after you have done all that work, so be sure you're secure.
Protect your login credentials - Don't keep your login credentials where a hacker might locate them. Store them offsite, and even offline. Roboform is good for protecting them. Food for thought!
You also need to place the"Anyone Can Register" in Settings/General to away, and you ought to have some sort of spam plugin. Akismet is the one I use, the old standby, weblink but there are many of them these days.
Another step to take to make WordPress secure is to always upgrade WordPress. The reason behind this is that with every upgrade there also come fixes for old security holes making it essential to update early.
The plugin should be updated play nice, to remain current with the latest WordPress release and have WordPress cloning and restore capabilities. The ability to clone your site (in addition to regular backups) can be useful if you ever want to do an offline website redesign, among other things.